26 comments

[ 2.9 ms ] story [ 43.1 ms ] thread
Its a chinese company. They don't give a single flying fuck. Nor do almost all consumers as long as the product is good. And no western government is gonna care because we let ourselves become so dependent on cheap chinese manufacturing.
It's become rather clear that Open source licenses are vulnerable, since defending them costs large amount of money, and proving violations can be hard since by definition the products that break them are closed-source.
Kind of love the irony of this being an xcancel link
This post is now gone. Click the down button and stop reading.

It seems we have arrived at the "HN does not read license texts" hour again.

Cannot agree more with Josef on how dangerous this is for our intellectual property; Of course there laws and mechanisms in China for the government to obtain any information retained by their companies under any possible justification, but the US does so, and thanks to the Cloud Act they can simply decide to do the same with any of the big players sitting in their territory (even to servers located out of their territory).

So, taking into account >80% of European companies rely either on Amazon, Microsoft or Google to store all their most private and business sensitive data, is this any different from all the data we are possibly leaking already? Same with AI, same with the phones and payment systems we use on a daily basis...

Sometimes I just have the impression that this has nothing to do with protecting our intellectual property but rather with finding an enemy and focus on that while pretending everything else is fine... and a blogpost from the owner of Prusa Research talking about their main competitor is a good demonstration of that.

I would like some precedents, to see if AGPL is actually enforceable. Many licenses put several demands on user, but are some parts are void and illegal. Like OEM licenses for MS Windows, that forbit reselling.

License can not order someone to publish something. They may not have a rights to publish code, or it was created as part of employment...

I can't help but wonder how could, Bambulabs or the Chinese government, actually mine that data? In my mind, 3D models fail into two categories: artistic and utilitarian, though there's a continuum between those two. With the artistic side, the Chinese government could find itself in possession of tons and tons of Western miniatures. With the utilitarian side, they will find themselves in possession of lots and lots of random parts with no way to know what they are for. Of course, there's no telling if the next step of boiling the frog is to require users to attach metadata to their models before the printer prints them...
This is an issue for me and my company.

I'm building a prototype chemical vapor deposition system in a space with strong Chinese interest and activity. I picked Prusa 3D machines over Bambu because of the potential for losing critical proprietary IP with Bambu. Can't take the chance.

Can you just sue them over it? Sure they are a Chinese company but they also operate in Europe and US?
I use my printer to make prototypes for my business. There is no way in hell I'm sending them into the internet for some random to examine.

I think my next printer will be mostly 3D printed, with a few generic parts like motor controllers, the odd bit of metal tubing, off the shelf bed levelling system, open source software etc.

I only need single colour prints for work, and AFAIK the fastest printer on the planet is mostly 3D printed, I'd start with that one as a base and adapt it for my needs. I considered Bambu until they started down the road that ends with me not having control of the product I own. Any company on that path does not get my money.

You certainly can design or build it yourself, but you don't have to.

There's an absolute fuckton of new, offline 3D printers for sale in the world. If disconnected operation is the goal, then finding a disconnected printer to buy is a simple affair. Lots of them just take regular gcode (as produced by Orca Slicer or similar) from an SD card or over USB, and don't have built-in networking as a feature at all.

If having it run open-source firmware is also a goal, then that's fine too: Research it first to ensure that its stock controller board can be flashed with custom-built Marlin (for complete airgap) and/or Klipper (which tends to imply LAN-only connectivity).

Being able to run open firmware is more common than it is unusual.

It's a pretty basic research task to drill down and then pick one with the price/performance/community/support characteristics that you want. After that, just assemble the machine when it shows up, and then build Marlin or Klipper for it.

And people in the 3D printing community will help with all aspects of this process, regardless of how you set your own goals. :)

Can I just say: thank you for posting an xcancel link and not linking to X directly! I forgot Xcancel was a thing, I might actually start using it occasionally now.
I sure hope none of Ukrainian shops use Bambu Cloud printers to do their drone manufacturing.
With DeepSeek making their price rebates permanent we now have some data what China values data access at.

Western providers of the open weight models are 3 times or more as expensive as DeepSeek itself right now.

Of course the data access for the Chinese is not the only part valued in there, but I am pretty sure it is one.

I don't like all this shaming on social media. It feels performative and leaves a bad taste in my mouth.

If they're in violation of your copyright agreements, sue them. If you can't sue them because it's unenforceable, well, that sucks, but too bad.

I don't know what they expect to happen here. Is there even a clear call to action? Boycott? Do something.

Surprise: another day of mechanical engineers not really understanding what open source really means.

I mean this as general advice; never trust software released/written/shared by mechanical/robotics engineers, especially ones from China. There's something deep-seated in their psychology where they ignore coding standards and can't conceptualize and obey software licenses.

Am I the only one who read this and contemplated that it would be entirely straightforward for a Chinese AI inference provider to efficiently scan their input and output token streams to identify cryptographic keys, access tokens and interesting vulnerabilities?

(And, frankly, for Western providers to do similar things. Even major players like OpenAI have terms that really should not be seen as commercially acceptable unless you manage to negotiate ZDR.)

100% chance that access to every major company is somewhere in the chat logs
> The standard defense for something like this is "the plugin is a separate work, so it's not subject to copyleft." That argument falls apart on contact with the actual software. BS cannot do its primary job without the plugin. The plugin cannot do anything without BS.

But that's just not true? You can connect a printer in LAN/dev mode and print directly from slicer to printer. There are apparently some issues with more complex network setups but that seems to be the exception rather than the rule.

I think the concerns he has generally are valid, but I have yet to see something from a legal perspective (e.g. precedent) that convinces me this constitutes a license violation. Would love to see one.

3D printing is still very much an enthusiast, techie driver market. The degree to which Bambu has done their best to alienate that market is beyond astonishing.

I really like Bambu's machines. Their quality and prices are both excellent. But they no longer have an edge feature and speed wise. I can get pretty much the same product from Creality, so why would I even entertain a user-hostile company like Bambu?

Where is the lawyer involvement? Why has no TRO been filed to prevent Bambu from selling in the US? This is a problem with a legal solution, yet we collectively just wring our hands and wish for a technological solution.
Too bad the Software freedom conservency and FSF dont have harsh punitive measures they push. Else theyd demand a pound of CEO flesh, or push the US gov to ban all imports and sales.

Instead, its negotiation and laughable settlements.

As someone who does work with FLOSS, if I violated their copyright/patent, theyd extract pounfs of flesh from me. Tit for tat.

Im done with nice. I want blood from corporations who wrong us.

How is there no enforcement paths?

If Josef really wants to go after BambuLab over AGPL violations he can do what the music/movie industries did: have them blocked at the ISP level.

Cease and desist for all servers outside China. Block traffic at ISP levels.

Unlike various pirate websites there won't be a hundred copy cats to also hunt down.